Hi all,
I need to integrate an authorization code flow in a nodejs app provided by a third editor. I m a newb in node so I have done a stuff like that:
Blockquote
const https = require(‘https’),
url = require(‘url’),
fs = require(‘fs’),
path = require(‘path’),
zlib = require(“zlib”);
const port = process.argv[2] || 8080;
const basepath = process.argv[3] || null;
const express = require(‘express’);
const session = require(‘express-session’);
const passport = require(‘passport’);
const OktaStrategy = require(‘passport-okta-oauth’).Strategy;
const app = express();
const oktaConfig = {
clientID: ‘',
clientSecret: '’,
callbackURL: ‘http://localhost/authorization-code/callback’,
tokenURL: ‘https://domain/oauth2/*****************/v1/token’,
authorizationURL: ‘https://domain/oauth2/*****************/v1/authorize’,
audience: ‘https://domain/oauth2/*****************/’,
issuer: ‘https://domain/oauth2/*****************/’,
scope: [‘openid’, ‘profile’, ‘email’]
};
passport.use(new OktaStrategy(oktaConfig,
(accessToken, refreshToken, profile, done) => {
return done(null, profile);
}
));
passport.serializeUser((user, done) => {
done(null, user);
});
passport.deserializeUser((user, done) => {
done(null, user);
});
app.use(session({
secret: ‘your-session-secret’,
resave: false,
saveUninitialized: false
}));
app.use(passport.initialize());
app.use(passport.session());
app.use((req, res, next) => {
console.log(${req.method} ${req.url}
);
next();
});
app.get(‘‘, passport.authenticate(‘okta’));
app.get(’/authorization-code/callback’,
passport.authenticate(‘okta’, { failureRedirect: ‘/’ }),
(req, res) => {
res.redirect(‘/’);
}
);
app.use(‘/’, (req, res, next) => {
if (!req.isAuthenticated()) {
return res.redirect(‘/’);
}
next();
});
const privateKey = fs.readFileSync(‘/certificates/cert.key’, ‘utf8’);
const certificate = fs.readFileSync(‘/certificates/cert.pem’, ‘utf8’);
const options = { key: privateKey, cert: certificate};
app.get('’, (req, res, next) => {
… app code …
});
https.createServer(options, (req, res) => {
app(req, res);
}).listen(parseInt(port));
The issue is when the v1/authorization query is generate, the concat is wrong. I got twice time oauth2:
https://domain/oauth2/*****************/oauth2/v1/authorize instead of
https://domain/oauth2/*****************/v1/authorize
Do you have any idea to fix it?
Best,thx